GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
415 advisories
Filter by severity
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
High
CVE-2024-32655
was published
for
Npgsql
(NuGet)
May 9, 2024
DotNetZip Directory Traversal vulnerability
High
CVE-2024-48510
was published
for
DotNetZip
(NuGet)
Nov 13, 2024
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
High
CVE-2024-39677
was published
for
NHibernate
(NuGet)
Jul 8, 2024
Duplicate Advisory: .NET and Visual Studio Denial of Service Vulnerability
High
GHSA-wmm6-pgp8-29hg
was published
for
System.Formats.Nrbf
(NuGet)
Nov 12, 2024
•
withdrawn
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability
High
CVE-2024-43383
was published
for
Lucene.Net.Replicator
(NuGet)
Oct 31, 2024
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
High
CVE-2024-43485
was published
for
System.Text.Json
(NuGet)
Oct 8, 2024
NULL Pointer Dereference in Protocol Buffers
High
CVE-2021-22570
was published
for
Google.Protobuf
(Composer)
Jan 27, 2022
protobuf susceptible to buffer overflow
High
CVE-2015-5237
was published
for
Google.Protobuf
(Composer)
May 13, 2022
Security Update for the OPC UA .NET Standard Stack
High
GHSA-qm9f-c3v9-wphv
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 18, 2024
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
High
CVE-2024-43483
was published
for
Microsoft.Extensions.Caching.Memory
(NuGet)
Oct 8, 2024
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation
High
CVE-2023-41890
was published
for
Kentor.AuthServices
(NuGet)
Sep 20, 2023
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
High
CVE-2024-38229
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Oct 8, 2024
ASP.NET Core and Visual Studio Denial of Service Vulnerability
High
CVE-2021-1723
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
May 24, 2022
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
High
CVE-2024-43484
was published
for
System.IO.Packaging
(NuGet)
Oct 8, 2024
.NET Elevation of Privilege Vulnerability
High
CVE-2024-21409
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Apr 17, 2024
Component takeover in Oracle Data Provider for .NET
High
CVE-2023-21893
was published
for
Oracle.ManagedDataAccess
(NuGet)
Jan 18, 2023
Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json
High
GHSA-8rfx-6mr3-5jh3
was published
for
Newtonsoft.Json
(NuGet)
Jan 3, 2024
•
withdrawn
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability
High
CVE-2024-38168
was published
for
Microsoft.AspNetCore.App.Runtime.win-arm
(NuGet)
Aug 13, 2024
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
High
CVE-2024-30105
was published
for
System.Text.Json
(NuGet)
Jul 9, 2024
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
High
CVE-2024-41799
was published
for
Tgstation.Server.Api
(NuGet)
Jul 29, 2024
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
High
CVE-2024-38095
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
Jul 9, 2024
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability
High
CVE-2024-38081
was published
for
Microsoft.IO.Redist
(NuGet)
Jul 9, 2024
ChakraCore RCE Vulnerability
High
CVE-2016-7200
was published
for
Microsoft.ChakraCore
(NuGet)
May 14, 2022
ChakraCore RCE Vulnerability
High
CVE-2016-7201
was published
for
Microsoft.ChakraCore
(NuGet)
May 14, 2022
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
High
CVE-2024-33862
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jul 6, 2024
ProTip!
Advisories are also available from the
GraphQL API